- Google will send you a router to intercept your entire household's internet traffic on all devices with a browser (https://support.google.com/audiencemeasurement/answer/757439...)
- Google will send you a device that listens 24/7 to audio in the room to figure out what you are watching on TV and listening to (https://support.google.com/audiencemeasurement/answer/757476...)
- Google's project includes tracking of desktop and laptop internet activity via a browser extension that can basically read literally anything you do online (https://support.google.com/audiencemeasurement/answer/757448...)
This isn't just trying to figure out what new up-and-coming apps are going to be the next big thing, this is Google building out very far-reaching profiles of your entire household, in return for some gift cards. This is signing away your family's entire digital life (and a significant part of anyone they interact with in a browser).
People who signup for this already know what they are doing and the program has a privacy section saying that the data is only shared with Google which is pretty much akin to having any Smart Speaker. Not only that but it also says that the data wouldn't be used to "advertise to you or sell you anything" which is not the case with Smart Speakers.
In essence, from a privacy point of view, when compared to having a Smart Speaker, this is better I'd say.
Informed consent is kind of a grey area. How much do you normally know about the consequences of your actions? How can you prove that you know what you're doing? Should your freedom to enter an agreement be restricted if you can't prove that you know what you're doing?
Legally, you prove consent by signing a contract. Sometimes people go above and beyond that to make sure people really and truly know what they're getting into, but there's a question how far you should go.
I don't think we can know just from reading this article how informed the people signing up were. They didn't interview anyone to find out.
It's hard for me to see either of those cases being a slam dunk here. There's at least some potential for serious harm in the event of a data breach. And the potential benefit - an already rich company getting even richer - doesn't carry a whole lot of moral weight.
I’ve never heard of corporate market research being reviewed and approved by an IRB. Not sure how that would work since the board would hardly be independent anyway, but I’d guess the main reason it doesn’t happen is there is no law requiring it.
Passively reading something usually isn’t enough. The minimum often some kind of interactive explanation that includes a way for subjects to ask questions. I’ve heard tell of groups giving short “quizzes” for experiments with wired requirements and side effects.
For kids specifically, you often need to get both the parents’ consent and the child’s assent. The details vary with the child’s age (older kids opinions get more weight) and the nature of the research (kids can opt out of basic research, but the parents might be able to override the kids’s desire to (say) avoid a shot if it’s part of a potentially lifesaving clinical trial).
I was surprised recently to learn just how grey.
The company I work for used to have a big full-page opt-in form for text messages. Then one day it was pulled from the web site. Why? Because our usually very privacy-conscious legal team decided that if anyone gives us their phone number anywhere, it counts as consent to receive text messages.
Very sad, and in my opinion slimy. I’m glad I’m not on the social media team.
There’s an “enterprise certificate”—installing the enterprise certificate allows you to side-load applications. This is relatively benign. Both Facebook and Google do this, in both cases apparently a violation of Apple policy.
There’s a “root certificate”—installing the root certificate allows you to do MitM attacks and read encrypted traffic like messages, bank passwords, etc. The Facebook app appears to do this and I would characterize this reckless, irresponsible, and unambiguously unethical.
Sure this particular app is debatable.. but I have also worked in the music streaming industry. While being super respectful of the users, we still have sometimes had to wait for months for Apple's approval.
Having a single agent being able to gatekeep what you can install on your phone at their own discretion is an issue since there will always be the temptation to prevent any competitor from getting in your space.
As I understand it, it’s because the apps were being distributed using a method that is supposed to be used only inside the company. Like for beta testing software, or for in-house applications used by employees only. Anything going to the general public is supposed to go through the App Store under Apple’s terms and conditions.
You're basically saying you like Blockbuster video because there's no porn and they only have the "edited for the Airlines" versions of movies.
Great, but other people would like to use their device for whatever they want.
Yes, I know you'll say "so buy a device from someone else". I don't agree with that anymore than I think Ford should be able to make a car you're not allowed to drive anywhere Ford says your not. If Ford did that I don't think the answer should be, "if you want to drive other places buy a car from someone else". IMO the answer should be it's illegal for Ford to control my car to that level.
I'm hoping Apple loses the case against their monopoly on the App store (although given the details of the case I don't think this particular case will succeed so I'll have to wait for another)
You only buying Nike shoes does not require that all other companies are banned from selling shoes, you only eating McDonald's burgers does not require all other restaurants to be closed, and you only buying software through Apple does not require that there is no other ways to install software either, that's just authoritarian bullshit.
It's their platform, they can choose the rules behind app distribution. They chose to allow it through methods controlled by themselves. If a third party wants to distribute apps, then they have to abide by the terms set by Apple.
We're a large NFP but not a particularly large organization so I'm not sure if we get preferential treatment but our business lead has a direct point of contact with an App Store representative and has used it to get extended information about and, from our perspective, force through Apps releases stuck in review.
He isn't the type of person to sit idly by when a process is taking an abnormal amount of time so part of me thinks it isn't a case of preferential treatment but rather the squeaky wheel getting the grease.
I'm sure having someone he can get on a phone and hold accountable goes a long way. I'm still unclear how he managed that.
You are not playing. You are presenting arguments and attempting to sway opinion.
I’ll ask directly: do you not stand behind the arguments you’re making?
You seem not to understand the concept of Devil's Advocate, while the person you responded to clearly does.
It's only the argument that counts. A person is thereby shielded from association with the argument and does not need to show their real intent.
For example, in gsuite they only claim to not mine your data for advertising purposes. Does that mean 'we only use your data to provide the service', or does it mean 'we use your data for everything but advertising'?
Many people I know barely even know how their data is or isn't used, and are shocked by recent news stories. That's not informed consent imo
1. Google's entire business model is advertising through collecting more complete user data.
2. Why would they collect this data if not to further their advertisement business?
3. I've never heard of companies collecting data that wouldn't further their business pursuits.
This data is either "digital-oil" or "digital uranium" both still extremely valuable.
Data laundering needs to be recognized as a thing.
They have enough paid devil’s advocates arguing for them disingenuously; no need to spread their propaganda for free!
From a very quick online search:
Of course, such fines (etc) are subject to potential change over time because lawyers. But they're definitely not a bastion of good actions and credibility. :(
If you'd rather deal with evidence and reason than with guesses, I can understand that. But dude...c'mon.
Even when it does technically declare somewhere in there what "might be" recorded (usually in terms like "we record data such as [...]" which don't actually limit what they can record), the company itself will handwave it away as "we're just covering ourselves in case we have to write your name down if you call us for tech support" or similar inanities.
The fact that so many people were surprised about the Cambridge Analytica scandal when selling such access is explicitly Facebook's business model and everyone participated voluntarily should tell you everything you need to know about how much the average user of these services "knows what they're doing".
Devil's advocate is exactly the right word for defending these practices - they're like a Disney villain holding a giant contract scroll and a fountain pen dipped in blood. Don't worry about the fine print, just click ACCEPT, and I'll give you what you want, right?
But do the people they interact with, or invite into their home, know what they are doing? Does Google presume to have consent-by-proxy here?
Yes, shocking that requesting a router that will report "the sites you visit, device IP address, cookies, and diagnostic data" for market research will take a look at my household's internet traffic...
It's just Nielsen but from Google (Nielsen these days literally works by putting a microphone in your house and collecting all your internet activity). The novelty of this story doesn't have anything to do with these things, just the iOS app.
Yessir, how could there be a problem here? And all those third-parties consented to their communication intercepted and stored by, well, another third-party?
No, this is some CFAA federal crime trojan stuff.
Unlike hidden terms in privacy policies it's made quite clear what's going on here.
however, with the browser extension installed you don't need to - they just read the content after your browser decrypts it.
Don’t know if they are doing this, but it’s certaibly possible to do this at router (or router dumps traffic to google to decrypt).
It’s much easier for google to do this since they make chrome. Another company would have to adjust the cert trust on each machine.
That would require Google either sending the traffic back to google and out again (slowing a lot of things down) or Google putting a signed private key on the router themselves (a violation of CA agreements and a remarkably stupid thing to do in general). If they did that it would not be difficult for someone to extract that key and certificate. This would be a huge security breach.
I agree that it’s a security breach, but it happens all the time. Look at enterprise products like ForcePoint  that will do deep inspection on https sessions because they have custom CA installed on enterprise clients. Many companies do this.
Because it’s their router hardware it would be possible to present anyone extracting the intermediate mitm carts and keys. The data are likely sensitive, but that’s what They have already.
Tools like ForcePoint don’t put a “real” CA cert on the device. They typically create a new CA per device, install that into the downstream client CA trusted roots and then generate mitm certs signing with this new cert.
Corporations install root certs all the time. It wouldn't require violating CA agreements.
Surely there must have been more to their contingency plan? They have great engineers and I'm surprised there wasn't more than a PR response up their sleeve. Just for example, in retrospect, why did they use the mainline Facebook iOS enterprise certificate to sign this app rather than a cert from one of their subsidiaries or acquisitions -- wouldn't that have de-risked a bit?
Not to me. That’s pretty much how I expect Facebook to operate these days.
Sadly, it’s not just Facebook. Pretty much every time any article posted on HN points out how Company X is misbehaving the thread is flooded with “But... but... Company Y does it, too!” It’s like the SV bubble falls back on the logic of a five-year-old whenever they get caught with their hands in the cookie jar.
This episode is a win-win.
> Facebook expanded its work with Definers Public Affairs, a Washington public relations firm, in October 2017 after enduring a years-worth of external criticism over its handling of Russian interference on its social network.
> Definers Public Affairs wrote dozens of articles criticizing Google and Apple for their business practices while downplaying the impact of Russia's misinformation campaign on Facebook.
> Facebook also used the firm to push the idea that liberal financier George Soros was behind a growing anti-Facebook movement.
> Definers began doing some general communications work, such as running conference calls for Facebook. It also undertook more covert efforts to spread the blame for the rise of the Russian disinformation, pointing fingers at other companies like Google.
> A key part of Definers’ strategy was NTK Network, a website that appeared to be a run-of-the-mill news aggregator with a right-wing slant. In fact, many of NTK Network’s stories were written by employees at Definers and America Rising, a sister firm, to criticize rivals of their clients, according to one former employee not allowed to speak about it publicly. The three outfits share some staff and offices in Arlington, Va.
> The social network secretly hired a PR firm to plant negative stories about the search giant, The Daily Beast's Dan Lyons reveals—a caper that is blowing up in their face, and escalating their war.
A thought experiment: imagine a corporate TOS including a clause that specifically prohibits use of devices/software that violates the provider's privacy. E.g. an end user's account can be terminated because they're using Google/FB/other "voluntary" spyware...
All these privacy histrionics are supplanting all other individual rights, personal accountability has to break out of this permission loop, even legally speaking, otherwise no one would be able to do anything.
The problem isn't about installing something on your phone, it's about handing over every single private communication you have with others without getting their approval. It contradicts your first assumption that people have _opted in_.
> All these privacy histrionics are supplanting all other individual rights, personal accountability has to break out of this permission loop, even legally speaking, otherwise no one would be able to do anything.
Are you're suggesting that no consent is necessary for you to put other people's private information on sale?
If you send me a snailmail, I have all right to publish what you right to me (with a few exception, of course).
That's why we got all those email disclaimer nonsense.
The privacy backlash is precisely about people becoming more aware of the latter class of behavior and rebelling against it. Complaining that "no one would be able to do anything" is a straw-man without relevance to the actual social conversation going on right now.
(A quick example of this brand of individualism that offers the individual right, non-declinable, to be analyzed and sanctioned by the government: https://news.ycombinator.com/item?id=18704330)
I see you follow Google closely; close enough to know that privacy concerns have hardly impeded its growth and dominance. Same with all other major tech companies.
Does a privacy minimalist mentality need to be imposed on everyone? (I'm asking rhetorically. In either form, it's not a substantial argument: it's a strawman. Privacy isn't a measurable quantity, and each person or community cares about protecting or revealing different things.)
Edit: Q.E.D. https://news.ycombinator.com/item?id=19039593
I kinda think so, yeah. Everyone flies past the privacy stuff, or gives compromises, or is traded free Farmville points, or given extra coins, or a new shiny feature in exchange for it, their friends are on it, their celebrity is on it, etc.
People will opt-in for all those reasons not realizing or seeing what they gave up or its consequences.
This Google app, unlike Facebook's, do not decrypt traffic.
Now tell me who don't know what they consent to.
I know this is not the same as privacy, but consider it when saying "is consent not enough anymore"
I'll submit this for consideration: you're right, it's 100% fine from an individual standpoint. But there's an aggregate effect of some sort that is a concern. Every move like this changes people's standards and expectations. Call it a "cultural shift", and call us "conservatives" along this particular axis. If we don't want to live in a world where companies pull this sort of shit on _every_ user to the point that the privacy-conscious among us have no choice, we want fewer people around us to be okay with it.
So what does that imply we should do? I'm not sure. Maybe simply push back as we are. Maybe try to impress onto opters-in just what they're selling, and maybe they'll reconsider. Maybe ask Google to simply brand this differently. Call it the "Truman Show Package". So at least everyone is aware that, while the data being collected is valuable, and while everything is 100% a-ok so long as everyone consents, this is NOT NORMAL and nobody should accept it as such.
So, people who fit that "if" clause. I assume it's a significant number of people here.
some people have different value judgements than you do -> those people also probably think statements like yours are paternalistic and condescending.
I think most people would prefer that to receiving a check in the mail, or cash in the mail, or supplying banking details for a direct deposit.
They seem to have cards available for multiple merchants. If they have a decent selection there should be something available from a merchant a given subject actually buys things from. If so, a gift card is pretty much as good as cash.
I, too, like to add unnecessary sensors to devices which considerably increase their value, despite never using them.
And for some reason it's important that you can see the device even though the camera is turned off?
I wouldn't be so thrilled to have a thermostat that requires internet to function at home. Or is that only for those networked features?
Nest did give her control over the entire building's system. IIRC it was actually an employee that shut the system off after a power cycle/outage thinking they were protecting the equipment, but failed to restart it. If she hadn't had the insight the system would have been off all night.
I think it has its perks.
So consumers are paying to buy a router that will allow google to mine and link all browsing behavior to their google account.
Also, if you own a google home, it won't work without all sorts of permissions being enabled at the account level, including web activity and app history 
Both of these fantastic privacy violating products are available for Purchase at an electronics retailer near you.
What browser extension is this?
Agreed, but don't minimize the value of logging all DNS requests. You can get an unbelievable amount of deeply personal information from having a list of every DNS lookup. As an experiment, fire up a pi-hole and look at the logs of your own requests. There will likely be a lot of info in there you wouldn't want public.
Readers on HN, you’re supposed to be far more skeptical and employ your Young Reaganite “Trust But Verify” glasses before upvoting blindly like this. Even if the facts are correct, the talking points are clearly presented as (in the favorite words of so many on here) “submarine PR.”
Many of Google's services have a great deal more basic utility than anything Facebook provides. I think that also provides additional cover for them.
When Facebook pushes for more data collection, it almost always looks way more self-serving than when Google does.
That still doesn't make it good, but it helps. Whereas Facebook literally created a shell-company to mislead both users and Apple (who was trying to act in the users' best interest).
I wouldn't ever think that anything called "Facebook XXX" is a facebook app, even more so if it's clearly sold by a shell company. It was hiding, even though it was ironically in plain sight.
For any sane person, the only way to know the "official" ones are to check the developer account, in this case, it was not Facebook.
Hence, for any sane person, the only reasonable assumption was that it was not a Facebook sponsored one.
I would so gladly pay money for a version of Google's services which was 1) client-side encrypted, 2) not mined whatsoever by Google - even the metadata, and 3) ad-free. They really do make useful, high-quality software, but I refuse to give them my life's data. I switched to using Apple for everything cloud-related, and while Apple Maps isn't as bad as people think, and Safari, Notes, and Calendar get the job done, they're also not as good as Google's equivalents.
Finally Apple has to stop responding to requests for ban reason and send out automated emails that their decision is final and binding.
This is how Google behaves with it's users.
However they did not, as far as we know, track government officials' locations to evade investigation (https://www.nytimes.com/2017/05/04/technology/uber-federal-i...). It seems you have to have a man-child as your founder and CEO before you'll do something that brazen.
I.e. here people at least notice and care. Every other community I've been a part of - at workplace, at hackerspace, at home - everyone's just "so they do spy on you, who cares ¯\_(ツ)_/¯".
In my non-tech circle of friends both are equally regarded to as evil spying megacorps.
It has always been used as a release valve for the standard restrictions of the app store process.
This isn't true; when you logged in with TestFlight, they pushed a configuration profile to you that would collect your UDID. The developer would then register those UDIDs with Apple and sign the app with an ad hoc provisioning profile / normal developer certificate, as Apple intends.
You could also distribute enterprise apps through TestFlight, but they did nothing specifically to help you do that, they were just a hosting service in that respect. They certainly didn't abuse enterprise certificates themselves, although somebody using their service could, just as they could use any hosting service to distribute the apps OTA.
It's the new TestFlight service that distinguishes between internal and external testers. There's very little similarity between the old and the new TestFlight beyond their general mission statements. They don't work in the same way at all and the new TestFlight was built from the ground up.
Depending on exact definitions, the people in an outside compensated "research panel" could be seen as "employed by" the company doing the research. There's consideration being exchanged for services rendered.
Apple holds all the cards here. If it wants to punish Google over this, it will, and Google won't be able to do a thing about it, terms or no terms.
Whether that's considered justified, and even whether such an action might create a legal/antitrust liability for Apple, could depend on the actual terms/definitions Apple provided.
In the long run, Apple can adjust their terms subject only to a few legal and market checks. But in the short term, Apple should respect the terms they've offered, contractually, to other entities.
Further, Apple has a 100% monopoly control of the iOS App Store.
Here is the better explanation from the FTC:
> Further, Apple has a 100% monopoly control of the iOS App Store.
That irrelevant. Best Buy also has a 100% monopoly control of Best Buy stores. That doesn’t mean that Best Buy has a monopoly on consumer electronics stores, nor does Apple have a monopoly for computer app stores.
True, Apple does have a monopoly when it comes to the iOS App Store.. but no more of a monopoly than Baskin Robbins has for ice cream sold by Baskin Robbins. That doesn’t mean you can’t by non-Baskin Robbins ice cream somewhere else, nor does it require Baskin Robbins to sell Hagen-Daz. If you want to be a sell your stuff at a store, you have to follow the rules of that store and pay the commission. Just like there are other places to buy computer software for a mobile device, there are other places to buy ice cream.
A Costco member can buy and load gift cards, and then give them to a non-member, and that card will admit the non-member to Costco stores and allow them to buy things there on the card.
Some of us wouldn't use Costco enough to justify buying a membership, but would like to use them occasionally, and this gift card hack would allow that.
All hail arbitrary Apple, unbound by contract or law! Save us from ourselves, Tim Cook!
"Apple grants you...license to....
(f) Allow Your Customers to use Your Internal Use Applications on Deployment Devices, but only (i) on Your physical premises and/or on Your Permitted Entity’s physical premises, or (ii) in other locations, provided all such use is under the direct supervision and physical control of Your Employees or Permitted Users (e.g., a sales presentation to a Customer);"
FWIW, I am a paid-up, registered member of the Apple Developer program, but still can't access that page, as it is apparently limited only to enterprise developers. So I can't check the definitions/details myself.
That limitation also helps me understand why so few, here or in the journalistic coverage I've seen, seem willing to quote the exact section violated. Those curious and willing to answer perhaps cannot access the formal wording, whereas those with the rights to access the terms may fear they'd be violating some obscure provision of their Apple agreements by merely quoting it.
That means Google pays that money simply to ward off Bing/Yahoo. Maybe.
I’m interested to know more.
$9 billion is the “traffic acquisition cost to distribution partners” in 2017, which includes payments to Apple as well as other entities that send people to Google properties. This cost comes out to only 11.6% of the associated revenue. It’s likely that the amount of money paid to Apple is contractually linked to the revenue Google gets from ad clicks that can be tracked back to a link from Apple.
So there’s really no need for theories about the abstract value of user data here, it’s a simple referral fee for the ad clicks that are Google’s main business.
From what I've read, the Google app does not appear to be doing this.
I am assuming the main reason that Apple revoked the enterprise distribution certificate for Facebook is due to this man-in-the-middle attack on encrypted traffic. The fact that they are solely circumventing the Appstore using an enterprise distribution certificate is a different issue.
Is my understanding of all this true? It would seem to me that Google isn't really doing anything that bad and Facebook has had its enterprise distribution certificate revoked for good reason.
“We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data. “
Google is doing the exactly same thing as Facebook is doing here and so are many other companies.
It’s common practice for businesses of all types to conduct customer research. Not just in qualitative ways but also quantitatively as in this case.
I personally don’t think there is anything wrong with that...though others here disagree on that point.
Of course all of these companies are in violation of Apple’s terms...so obviously Apple is in the right to enforce them properly.
I would like to see this spelled out. What are the risks? Why is this any worse than being a Nielsen family back in the day?
It seems like the most likely thing to happen to the people who signed up for this is: nothing. They helped a tech company with their research and got paid. That's it.
Considering how most people use their phones, this basically gives Google all of your information. There is little to nothing they would not know about you.
Worse is them being able to get information about other people (thanks to them messaging you, while you have this tracker running) without their consent.
It's one thing to do a nastly covert data mining and another thing to go to a person and say "hey, I'll pay you to do A on THIS device with THIS app which you CLEARLY need to install and activate". One is dishonest, the other just seems like basic freedom in modern world?
But still doesn't address that it isn't just your data that is being gathered up from your phone. Your consenting to at least some data from the people you text and email being grabbed up and there is nothing they can do about it except not talk to you, assuming they were to even know.
No it's not:
GP was specifically asking about "back in the day", the comparison should be about the volume of data between then and now
You're quoting a different person, and clearly not, or they wouldn't be speculating on Nielsen's abilities in the present tense.
If, however, you want to make a wider argument about whether or not it's reasonable for Apple to take a very opinionated view of how their main computing platform should apply security/privacy protections, you're very welcome to do so. I happen to greatly value the choices Apple has made for iOS, and I encourage everyone who disagrees, to go and use Android.
See what I did there? It seems like confusing what a company could have done with what they did is a common rhetorical move these days.
Besides this isn't portrayed as an apple terms mismatch story it clearly reads as another pearl clutching privacy panic clickbait.
From the page describing the program: https://developer.apple.com/programs/enterprise/
Even if we were to pretend that isn't the case, why is it so necessary for companies to be able to suck up so much data about people? Why shouldn't we insist that companies respect our privacy in the same way we respect each others' privacy (I'm assuming that you don't go and peek into your neighbours' windows to figure out what they've been buying recently).
Not putting those issues aside, it's oddly paternalistic of us to assume people selling their data aren't making a rational trade. Uninformed data collection is one thing, but when we start looking down our noses at folks who are willing to get compensated for letting a big company spy on them consensually? That starts to look a bit "We know what's best for you, and it's not to let megacorporations have your data" elitist.
What if people look at the sum total of what companies have done with big data and like what they see?
If I were to guess, this stuff isn't just "here's a router and we'll send you a check". There should also be a huge and very detailed survey the user needs to fill out so that Google could then correlated that data with similar demographics based on co-visitation.
This is also not new. Many years ago at Google I sat directly across the hall from the team that did demographic inference based on (IIRC) Nielsen panel data. I think it's safe to say that _every_ advertising company does this one way or another.
Basically at a high level they'd look at where Nielsen-paid tracked folks (about whom they knew everything) went on the web, and then looked at you, and their algorithm would guess your gender, age, income level, education level, etc etc.
What I am doing though, is keeping watch for erosions of my privacy, and the privacy of the people whose data I have been entrusted with.
Don't casually wipe that away with your laissez-faire approach.
 - https://play.google.com/store/apps/details?id=com.google.and...
This isn't something you can do accidentally. What's the actual explanation, beyond "oops, we got caught"?
Everything about this app, from how it was coded, how it was signed, how it was distributed and how it was documented on google.com was done with full knowledge of what was going on - it had to be.
You can't build, release, or document an app like this without knowing that you're outside the normal App Store process.
I would not be surprised if the list of apps that a user has is not disclosed to Apple, and the only thing that is exchanged is Apple's "blacklist" of revoked certificates.
Apple still seem to be one of the very rare companies with this much power who even half-heartedly try. Not to defend Apple, of course, since they've done stuff that doesn't need to be defended.
I'm very curious to see how this plays out, though.
I am hoping this gains more traction and Google and Facebook get very publicly shammed.
However, I am curious if there is anything Apple can do to stop this without actually breaking the functionality of enterprise deployment certificates.
Google and Facebook would be the antagonists with the Enterprise Certificates and Apple would be protoganist, in these scenarios, yeah?
In other words, it's not as if Apple is telling these companies to use their Enterprise Certificates to skirt Apple's review process and then pulling their certificates when they're discovered to be doing so.
Calling Apple the antagonist, at least in these scenarios, seems a bit disingenuous to what's actually playing-out.
I think it's unfair comparing the 2. The Google product isn't grabbing the same about of personal data. It was focused on device usage, apps, media consumptions etc. Personally I was surprised Google were respectful enough to not be grabbing this data passively in the first place. This app was an add-on that was upfront about what it was doing and paid people for providing this access to their behaviour. And this desire to understand how people use products seems a reasonable thing for a company to want to know about improving and creating products.
Do people saying this is bad feel its wrong to get people in a research group for an unboxing to see how people unfamiliar with a product do things.
As long as its opt-in and clear about what its doing this seems reasonable and feels people are making a storm in a teacup... but maybe I'm missing something?
I haven't read a Techcrunch article in months.